OpenFISMA 2.9 Released – openfisma.org
Release 2.9 does not include any major new features, but it does include several small feature enhancements and under-the-hood improvements, as well as a slew of bug fixes.

Wi-fEye – wi-feye.za1d.com
Wi-fEye is designed to help with network penetration testing. Wi-fEye will allow you to perform a number of powerful attacks.

WSFuzzer – owasp.org
This tool was created based on, and to automate, some real-world manual SOAP pen testing work.

RIPS 0.34 – sourceforge.net/projects/rips-scanner/
RIPS is a static source code analyser for vulnerabilities in PHP web applications. It was released during the Month of PHP Security (www.php-security.org).

FiddlerCore v2.3.0.4 – fiddler2.com
FiddlerCore allows you to integrate HTTP/HTTPS traffic viewing and modification capabilities into your .NET application, without any of the Fiddler UI.

Open Source Tripwire 2.4.2 released! – sourceforge.net/apps/wordpress/tripwire/
It contains a couple of bug fixes and gave me the opportunity to get familiar with the software once more.

Techniques:

Danger of JSP Includes and Parameter Passing – michael-coates.blogspot.com
The current “fail-over” type behavior of request.getParameter is not expected and can result in dangerous XSS vulnerabilities as indicated above.

Memory Forensics For Pentesters: Part 1 – room362.com
This is part one in a series of presentations I will be giving at the NoVAHackers meetings on forensics of all kinds as it can be leveraged in a penetration test.

Digging deeper into Stuxnet
But new information about the worm shows that it leverages at least three other previously unknown security holes in Windows PCs, including a vulnerability that Redmond fixed in a software patch released today.

Windows HOSTS File Script To Block Bad Domains – sans.org
A well-known trick to block the domain names used by malware, spyware and advertising sites is to add these names to one’s HOSTS file using an invalid IP address such as “0.0.0.0”.

From 0x90 to 0x4c454554, a journey into exploitation – myne-us.blogspot.com
In the last few weeks I have been diving deeper down the rabbit hole of exploitation work and with a bit of work and time to prepare myself for the long run I compiled a set of areas to study in a course type layout.

Musings on Metasploit – technicalinfodotnet.blogspot.com
It’s always fun to watch HD Moore as he covers the latest roadmap for Metasploit – explaining the progress of various evasion techniques as they’re integrated in to the tool and deriding the progress of various “protection” technologies.

Hole in Linux kernel provides root rights – h-online.com
A vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges.

Redmond sends some security updates
Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. Furthermore, six of the nine bulletins either do not affect the latest version of our products or affect them with reduced severity.

Security update for Samba 3.5 – Update – h-online.com
The Samba developers have released version 3.5.5 of Samba, a security update that addresses a buffer overrun vulnerability in their open source file and print server software.

Firefox 3.6 Released – mozilla.com
Fixed a single stability issue affecting a limited number of users.

FireStarter: Automating Secure Software Development – securosis.com
So let’s take security out of the application developers’ hands entirely and build it in with compilers and pre-compilers that take care of bad code automatically. That way they can continue to be ignorant, and we’ll fix it for them!

Alleged HDCP Encryption Crack Is No Pirate Bonanza – wired.com
Hollywood studios and the maker and licensing authority of the High-Bandwidth Digital Content Protection standard were scrambling Wednesday to determine whether a so-called “master key” to the anti-piracy encryption technology has leaked onto the internet.

Security researchers ‘destroy’ Microsoft ASP.NET security – theinquirer.net
The exploit, to be shown off at the Ekoparty Conference later this week, could affect millions of websites that use AES encryption functions built into Microsoft’s ASP.NET software to protect the integrity of cookies during user sessions.
